Working with Web ACLs

When you add rules to a web ACL, you specify whether you want AWS WAF to allow or
block
requests based on the conditions in the rules. If you add more than one rule to
a web
ACL, AWS WAF evaluates each request against the rules in the order that you list
them in
the web ACL. When a web request matches all the conditions in a rule, AWS WAF immediately
takes the corresponding action—allow or block—and doesn't evaluate the
request against the remaining rules in the web ACL, if any.

If you want to test a rule before you start using it to allow or block requests, you
can configure AWS WAF to
count the web requests that match the conditions in the rule. For more information,
see
Testing Web ACLs.